TY - GEN
T1 - RBAC on the Web by Smart Certificates
AU - Park, Joon S.
AU - Sandhu, Ravi
N1 - Publisher Copyright: © 1999 ACM.
PY - 1999
Y1 - 1999
AB - We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates - which hold the subjects' role information - and configured a Web server to use the role information in the certificate instead of identities for its access control mechanism. Since the subjects' role information is integrity-protected, the Web server can trust the role information after authentication and certificate verification by SSL, and use it for role-based access control. To maintain compatibility with existing technologies, such as SSL, we used a bundled (containing the subject's identity and role information) smart certificate in the user-pull model.
UR - http://www.scopus.com/inward/record.url?scp=34547330729&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547330729&partnerID=8YFLogxK
U2 - 10.1145/319171.319172
DO - 10.1145/319171.319172
M3 - Conference contribution
AN - SCOPUS:34547330729
T3 - RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control
SP - 1
EP - 9
BT - RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control
PB - Association for Computing Machinery, Inc
T2 - 4th ACM Workshop on Role-Based Access Control, RBAC 1999
Y2 - 28 October 1999 through 29 October 1999
ER -